About path queries
A path query is a CodeQL query with the property @kind path-problem
. You can find a number of these in the standard CodeQL libraries.
You can run the standard CodeQL path queries to identify security vulnerabilities and manually look through the results. For more information about how CodeQL tracks data flow, see "About data flow analysis" in the CodeQL documentation.
Once you're familiar with data flow analysis and existing queries, you can write your own path queries in CodeQL. For more information, see "Next steps."
Running path queries in VS Code locally
- Open a path query in VS Code.
- Right-click in the window with the query open, and select CodeQL: Run Query on Selected Database. Alternatively, you can also run this from the VS Code Command Palette.
- Once the query has finished running, you can see the results in the "Results" view (under
alerts
in the dropdown menu). Each query result describes the flow of information between a source and a sink. - Expand the result to see the individual steps that the data follows.
- Click each step to jump to it in the source code and investigate the problem further.
Next steps
For information about how to use the correct format and metadata for your own path queries, see "Creating path queries" in the CodeQL documentation. The CodeQL documentation also contains detailed information about how to define new sources and sinks, as well as templates and examples of how to extend the standard CodeQL libraries to suit your analysis.